Adobe Preps Security Update for Black Hat Flaw

Adobe Systems is planning to issue an out-of-band security update
later this month to plug multiple security holes, including
one discussed last week at the Black Hat security conference.

The update will cover critical bugs affecting Adobe Reader and
Acrobat. Among them will be a flaw mentioned at Black Hat by
Charles Miller, principal security analyst with consulting firm
Independent Security Evaluators. The bug, which attackers can use to
compromise a system, stems from an integer overflow error.

"We are planning to make available an out-of-band security update
for Adobe Reader and Acrobat during the week of August 16, 2010," an
Adobe spokesperson told eWEEK. "This update will resolve critical
security issues in Adobe Reader 9.3.3 for Windows, Macintosh and UNIX,
Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3
and Acrobat 8.2.3 for Windows and Macintosh, including CVE-2010-2862
which was discussed at the Black Hat USA 2010 security conference on
Wednesday, July 28, 2010."

According to Secunia,
the vulnerability uncovered by Miller can be exploited to corrupt
memory via a PDF file containing a specially crafted TrueType font, and
affects Adobe Reader versions 8.2.3 and 9.3.3 as well as Acrobat 9.3.3.
The company warned that earlier versions may be affected as well, and
advised users not to open untrusted PDF files with the software.

The Adobe spokesperson said the company is currently
unaware of any exploits in the wild targeting any of the issues slated
to be covered in the update.